/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.config.auth; import java.io.IOException; import java.io.Serializable; import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Set; import org.apache.commons.lang.SerializationUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IStorkConfig; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; 
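import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Configuration parameters belonging to an online application (OA), to use with the MOA-ID Auth
 * component.
 *
 * <p>Every getter is a typed view over the flat key/value map ({@code oaConfiguration}) handed in
 * by the configuration layer; keys are the {@link MOAIDConfigurationConstants} service keys. Boolean
 * flags fall back to the default documented on the respective getter when the key is unset or
 * empty. The OA-independent baseID restriction policy is read once from the basic MOA-ID
 * configuration in the constructor.
 *
 * @author Thomas Lenz
 */
public class OAAuthParameter implements IOAAuthParameters, Serializable {

  private static final long serialVersionUID = -6522544229837934376L;

  /** Keybox identifier used when the OA does not configure one. */
  public static final String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair";

  // Short names for the list prefixes of the STORK configuration entries.
  private static final String STORK_ATTR_LIST =
      MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST;
  private static final String STORK_AP_LIST =
      MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST;
  private static final String STORK_COUNTRY_LIST =
      MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST;

  /** Flat OA configuration; only exposed as an unmodifiable view. */
  private final Map<String, String> oaConfiguration;

  /** Target-area prefixes for which baseID may be processed internally (global MOA-ID policy). */
  private final List<String> targetAreasWithNoInteralBaseIdRestriction;

  /** Target-area prefixes for which baseID may be transmitted (global MOA-ID policy). */
  private final List<String> targetAreasWithNoBaseIdTransmissionRestriction;

  /**
   * Creates the OA parameter view.
   *
   * @param oa flat OA configuration (key/value), not {@code null}
   * @param authConfig general MOA-ID configuration; supplies the global baseID restriction policy
   */
  public OAAuthParameter(final Map<String, String> oa, AuthConfiguration authConfig) {
    this.oaConfiguration = oa;

    // The restriction policy is OA independent; the OA only decides (via its target area)
    // whether it falls under one of the whitelisted prefixes. A missing list means
    // "no exception configured", i.e. the restriction applies (fail closed).
    this.targetAreasWithNoInteralBaseIdRestriction = nonNullList(
        KeyValueUtils.getListOfCSVValues(
            authConfig.getBasicMOAIDConfiguration(
                CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, MOAIDAuthConstants.PREFIX_CDID)));
    this.targetAreasWithNoBaseIdTransmissionRestriction = nonNullList(
        KeyValueUtils.getListOfCSVValues(
            authConfig.getBasicMOAIDConfiguration(
                CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, MOAIDAuthConstants.PREFIX_CDID)));

    if (Logger.isTraceEnabled()) {
      Logger.trace("Internal policy for OA: " + getPublicURLPrefix());
      for (String el : targetAreasWithNoInteralBaseIdRestriction) {
        Logger.trace(" Allow baseID processing for prefix " + el);
      }
      for (String el : targetAreasWithNoBaseIdTransmissionRestriction) {
        Logger.trace(" Allow baseID transfer for prefix " + el);
      }
    }
  }

  /**
   * @return an unmodifiable view of the complete OA configuration
   */
  public Map<String, String> getFullConfiguration() {
    return Collections.unmodifiableMap(this.oaConfiguration);
  }

  /**
   * @param key configuration key
   * @return the raw configuration value, or {@code null} if the key is not set
   */
  public String getConfigurationValue(String key) {
    return this.oaConfiguration.get(key);
  }

  /**
   * @return {@code true} unless the OA's target area starts with a prefix that is whitelisted for
   *     internal baseID processing; also {@code true} if no target area can be determined
   * @throws ConfigurationException if the target identifier cannot be built
   */
  @Override
  public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
    return !matchesAnyPrefix(getAreaSpecificTargetIdentifier(),
        targetAreasWithNoInteralBaseIdRestriction);
  }

  /**
   * @return {@code true} unless the OA's target area starts with a prefix that is whitelisted for
   *     baseID transmission; also {@code true} if no target area can be determined
   * @throws ConfigurationException if the target identifier cannot be built
   */
  @Override
  public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
    return !matchesAnyPrefix(getAreaSpecificTargetIdentifier(),
        targetAreasWithNoBaseIdTransmissionRestriction);
  }

  /**
   * @return the identity-link domain identifier for business services, otherwise
   *     {@code PREFIX_CDID + target} for public services
   * @throws ConfigurationException if the configuration is inconsistent
   */
  @Override
  public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
    if (getBusinessService()) {
      return getIdentityLinkDomainIdentifier();
    }
    // NOTE(review): getTarget() may be null for an incomplete public-service configuration;
    // the concatenation then yields a "<prefix>null" identifier, as in the original code.
    return MOAIDAuthConstants.PREFIX_CDID + getTarget();
  }

  /**
   * @return the human-readable name of the target area (business-service type name or sector name)
   * @throws ConfigurationException if the configuration is inconsistent
   */
  @Override
  public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
    if (getBusinessService()) {
      return getIdentityLinkDomainIdentifierType();
    }
    return getTargetFriendlyName();
  }

  /**
   * Builds the identity-link domain identifier of a business service from the configured type
   * and value (STORK, eIDAS or wbPK prefix).
   *
   * @return the identifier, or {@code null} if type or value is missing
   */
  private String getIdentityLinkDomainIdentifier() {
    String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
    String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
    if (MiscUtil.isEmpty(type) || MiscUtil.isEmpty(value)) {
      return null;
    }
    if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
      return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
    }
    if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
      return MOAIDConstants.PREFIX_EIDAS + value;
    }
    return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
  }

  /**
   * @return the display name of the configured business-service type, or {@code null} if unset
   */
  private String getIdentityLinkDomainIdentifierType() {
    String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
    if (MiscUtil.isNotEmpty(type)) {
      return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(type);
    }
    return null;
  }

  /**
   * Resolves the public-service target: an OA-specific own target if configured, otherwise the
   * selected target, optionally extended by a sub-target ({@code target-sub}).
   */
  private String getTarget() {
    if (getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN, false)) {
      return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
    }
    String target = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET);
    if (getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB, false)) {
      return target + "-"
          + oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB);
    }
    return target;
  }

  /**
   * @return the friendly name of the public-service target (own name, or the sector name mapped
   *     from the target)
   */
  private String getTargetFriendlyName() {
    if (getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN, false)) {
      return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
    }
    return TargetToSectorNameMapper.getSectorNameViaTarget(
        oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET));
  }

  /**
   * @return the configured keybox identifier, or {@link #DEFAULT_KEYBOXIDENTIFIER} if unset
   */
  @Override
  public String getKeyBoxIdentifier() {
    String keyBoxId = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
    if (MiscUtil.isNotEmpty(keyBoxId)) {
      return keyBoxId;
    }
    return DEFAULT_KEYBOXIDENTIFIER;
  }

  /**
   * @return the SAML1 protocol parameters; a property is only set when its key is present, so the
   *     defaults of {@link SAML1ConfigurationParameters} apply otherwise
   */
  @Override
  public SAML1ConfigurationParameters getSAML1Parameter() {
    SAML1ConfigurationParameters returnValue = new SAML1ConfigurationParameters();

    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)) {
      returnValue.setActive(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)));
    }
    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)) {
      returnValue.setProvideAuthBlock(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)));
    }
    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)) {
      returnValue.setProvideIdl(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)));
    }
    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)) {
      returnValue.setProvideBaseId(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)));
    }
    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)) {
      returnValue.setProvideCertificate(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)));
    }
    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)) {
      returnValue.setProvideMandate(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)));
    }
    if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)) {
      returnValue.setProvideAllErrors(Boolean.valueOf(
          oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
    }
    return returnValue;
  }

  /**
   * @return the configured BKU template URLs (first, second, third) in that order; only entries
   *     whose key is present are included
   */
  @Override
  public List<String> getTemplateURL() {
    List<String> list = new ArrayList<String>();
    addIfKeyPresent(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE);
    addIfKeyPresent(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE);
    addIfKeyPresent(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE);
    return list;
  }

  /**
   * @return additional text to be shown in the AuthBlock, or {@code null} if unset
   */
  @Override
  public String getAditionalAuthBlockText() {
    return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
  }

  /**
   * @param bkutype one of {@code THIRDBKU}, {@code HANDYBKU}, {@code LOCALBKU}, {@code ONLINEBKU}
   * @return the BKU URL configured for that type, or {@code null} (with a warning) for an unknown
   *     type
   */
  @Override
  public String getBKUURL(String bkutype) {
    // Constant-first equals() so a null bkutype is reported as "does not match" instead of an NPE.
    if (THIRDBKU.equals(bkutype)) {
      return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
    } else if (HANDYBKU.equals(bkutype)) {
      return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
    } else if (LOCALBKU.equals(bkutype)) {
      return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
    } else if (ONLINEBKU.equals(bkutype)) {
      // ONLINEBKU resolves to the same key as THIRDBKU, as in the original implementation —
      // presumably intentional; verify against the IOAAuthParameters contract.
      return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
    }
    Logger.warn("BKU Type does not match: " + THIRDBKU + ", " + HANDYBKU + ", " + LOCALBKU
        + " or " + ONLINEBKU);
    return null;
  }

  /**
   * @return all configured BKU URLs (third, handy, local) whose key is present
   */
  @Override
  public List<String> getBKUURL() {
    List<String> list = new ArrayList<String>();
    addIfKeyPresent(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
    addIfKeyPresent(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
    addIfKeyPresent(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
    return list;
  }

  /**
   * @return whether SSO is enabled for this OA; {@code false} if unset
   */
  @Override
  public boolean useSSO() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED, false);
  }

  /**
   * @return whether the user has to confirm SSO usage; {@code false} if unset (the original
   *     implementation's "true on parse failure" branch was unreachable, as
   *     {@code Boolean.valueOf(String)} never throws)
   */
  @Override
  public boolean useSSOQuestion() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST, false);
  }

  /**
   * @return the configured online-mandate profiles (comma separated in the configuration,
   *     trimmed), or {@code null} if none are configured
   */
  @Override
  public List<String> getMandateProfiles() {
    String profileConfig = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES);
    if (MiscUtil.isNotEmpty(profileConfig)) {
      return splitTrimmedCsv(profileConfig);
    }
    return null;
  }

  /**
   * @return whether the mandate check box is shown; {@code false} if unset
   */
  @Override
  public boolean isShowMandateCheckBox() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE, false);
  }

  /**
   * @return whether only mandate-based authentication is allowed; {@code false} if unset
   */
  @Override
  public boolean isOnlyMandateAllowed() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_ONLY, false);
  }

  /**
   * @return whether STORK login is offered; {@code false} if unset
   */
  @Override
  public boolean isShowStorkLogin() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, false);
  }

  /**
   * @return the minimum eIDAS level of assurance; {@code MOAIDConstants.eIDAS_LOA_HIGH} if unset
   *     (the most restrictive default)
   */
  @Override
  public String getQaaLevel() {
    String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
    if (MiscUtil.isEmpty(eidasLoALevel)) {
      return MOAIDConstants.eIDAS_LOA_HIGH;
    }
    return eidasLoALevel;
  }

  /**
   * Collects the STORK attributes requested by this OA, merged with the mandatory attributes of
   * the general STORK configuration (keyed by attribute name, general mandatory ones win).
   *
   * @return the requested attributes; never {@code null}
   */
  @Override
  public Collection<StorkAttribute> getRequestedSTORKAttributes() {
    Map<String, StorkAttribute> resultMap = new HashMap<String, StorkAttribute>();
    Set<String> processedIndexes = new java.util.HashSet<String>();

    for (String key : oaConfiguration.keySet()) {
      if (!key.startsWith(STORK_ATTR_LIST)) {
        continue;
      }
      String index = KeyValueUtils.getFirstChildAfterPrefix(key, STORK_ATTR_LIST);
      // Several keys (name, requested, mandatory) belong to one list entry; handle it once.
      if (!processedIndexes.add(index)) {
        continue;
      }
      String isRequested = getListEntryValue(STORK_ATTR_LIST, index,
          MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED);
      if (MiscUtil.isNotEmpty(isRequested) && Boolean.parseBoolean(isRequested)) {
        StorkAttribute attr = new StorkAttribute(
            getListEntryValue(STORK_ATTR_LIST, index,
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME),
            Boolean.valueOf(getListEntryValue(STORK_ATTR_LIST, index,
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY)));
        resultMap.put(attr.getName(), attr);
      }
    }

    // Mandatory attributes from the general configuration are always added; a failure to read
    // them is logged but does not prevent the OA-specific attributes from being returned.
    try {
      for (StorkAttribute el
          : AuthConfigurationProviderFactory.getInstance().getStorkConfig().getStorkAttributes()) {
        if (el.getMandatory()) {
          resultMap.put(el.getName(), el);
        }
      }
    } catch (Exception e) {
      Logger.warn("Mandatory STORK attributes can not added.", e);
    }
    return resultMap.values();
  }

  /**
   * @return whether the user must consent to the transfer of STORK attributes; {@code false} for a
   *     STORK/PVP gateway, otherwise {@code true} unless explicitly configured (fail-safe default)
   */
  @Override
  public boolean isRequireConsentForStorkAttributes() {
    try {
      if (isSTORKPVPGateway()) {
        return false;
      }
      String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT);
      if (MiscUtil.isEmpty(value)) {
        Logger.info("isRequireConsentForStorkAttributes() is empty, returning default value 'true'");
        return true;
      }
      return Boolean.parseBoolean(value);
    } catch (Exception e) {
      // Best effort: any failure keeps the consent requirement in place.
      Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e);
      return true;
    }
  }

  /**
   * @return the configured STORK attribute-provider plugins (one per list index); never
   *     {@code null}
   */
  @Override
  public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
    Map<String, StorkAttributeProviderPlugin> pluginMap =
        new HashMap<String, StorkAttributeProviderPlugin>();

    for (String key : oaConfiguration.keySet()) {
      if (!key.startsWith(STORK_AP_LIST)) {
        continue;
      }
      String index = KeyValueUtils.getFirstChildAfterPrefix(key, STORK_AP_LIST);
      if (pluginMap.containsKey(index)) {
        continue;
      }
      pluginMap.put(index, new StorkAttributeProviderPlugin(
          getListEntryValue(STORK_AP_LIST, index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME),
          getListEntryValue(STORK_AP_LIST, index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL),
          getListEntryValue(STORK_AP_LIST, index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES)));
    }
    return pluginMap.values();
  }

  /**
   * @return the decoded OA-specific BKU-selection template, or {@code null} if unset or not
   *     decodable
   */
  @Override
  public byte[] getBKUSelectionTemplate() {
    return decodeTemplate(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA,
        "OA specific BKU selection template is not decodeable");
  }

  /**
   * @return the decoded OA-specific send-assertion template, or {@code null} if unset or not
   *     decodable
   */
  @Override
  public byte[] getSendAssertionTemplate() {
    // The original logged the BKU-selection message here (copy/paste); the message now names
    // the template that actually failed.
    return decodeTemplate(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA,
        "OA specific send assertion template is not decodeable");
  }

  /**
   * Resolves the C-PEPS entries enabled for this OA against the general STORK configuration.
   *
   * @return the enabled and known C-PEPS; never {@code null} (empty when the MOA-ID configuration
   *     is not accessible)
   */
  @Override
  public Collection<CPEPS> getPepsList() {
    Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>();
    try {
      IStorkConfig availableSTORKConfig =
          AuthConfigurationProviderFactory.getInstance().getStorkConfig();
      if (availableSTORKConfig == null) {
        return cPEPSMap.values();
      }
      for (String key : oaConfiguration.keySet()) {
        if (!key.startsWith(STORK_COUNTRY_LIST)) {
          continue;
        }
        String index = KeyValueUtils.getFirstChildAfterPrefix(key, STORK_COUNTRY_LIST);
        if (cPEPSMap.containsKey(index)) {
          continue;
        }
        String enabled = getListEntryValue(STORK_COUNTRY_LIST, index,
            MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED);
        if (!Boolean.parseBoolean(enabled)) {
          continue;
        }
        CPEPS availableCPEPS = availableSTORKConfig.getCPEPSWithFullName(
            getListEntryValue(STORK_COUNTRY_LIST, index,
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE));
        if (availableCPEPS != null) {
          cPEPSMap.put(index, availableCPEPS);
        }
      }
    } catch (ConfigurationException e) {
      Logger.error("MOA-ID configuration is not accessable.", e);
    }
    return cPEPSMap.values();
  }

  /**
   * @return the attribute-query service URL of the interfederated IDP, or {@code null} if unset
   */
  @Override
  public String getIDPAttributQueryServiceURL() {
    return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL);
  }

  /** @return {@code true} if inbound SSO interfederation is allowed; {@code false} if unset */
  @Override
  public boolean isInboundSSOInterfederationAllowed() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND, false);
  }

  /** @return {@code true} if outbound SSO interfederation is allowed; {@code false} if unset */
  @Override
  public boolean isOutboundSSOInterfederationAllowed() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND, false);
  }

  /** @return {@code true} if passive requests are used for interfederation; {@code false} if unset */
  @Override
  public boolean isPassivRequestUsedForInterfederation() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST, false);
  }

  /**
   * @return {@code true} if local authentication is performed when interfederation fails;
   *     {@code false} if unset
   */
  @Override
  public boolean isPerformLocalAuthenticationOnInterfederationError() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR, false);
  }

  /** @return {@code true} if an interfederated SSO session may be stored; {@code false} if unset */
  @Override
  public boolean isInterfederationSSOStorageAllowed() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE, false);
  }

  /**
   * @return {@code true} if this (IDP) OA has no baseID transfer restriction
   * @throws ConfigurationException if the target identifier cannot be built
   */
  public boolean isIDPPublicService() throws ConfigurationException {
    return !hasBaseIdTransferRestriction();
  }

  /**
   * @return the IDP identifier a STORK/PVP gateway forwards to, or {@code null} if unset
   */
  public String getSTORKPVPForwardEntity() {
    return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER);
  }

  /** @return {@code true} if test credentials are accepted for this OA; {@code false} if unset */
  @Override
  public boolean isTestCredentialEnabled() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED, false);
  }

  /**
   * @return the OIDs of accepted test credentials (comma separated in the configuration,
   *     trimmed), or {@code null} if none are configured
   */
  @Override
  public List<String> getTestCredentialOIDs() {
    String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs);
    if (MiscUtil.isNotEmpty(value)) {
      return splitTrimmedCsv(value);
    }
    return null;
  }

  /**
   * Loads the private key used to decrypt foreign bPKs from the encrypted configuration blob.
   *
   * @return the private key, or {@code null} if no key information is configured or it cannot be
   *     decoded, decrypted or deserialized
   */
  @Override
  public PrivateKey getBPKDecBpkDecryptionKey() {
    String blobBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB);
    String ivBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV);
    // Explicit check instead of the original "catch NullPointerException" control flow.
    if (MiscUtil.isEmpty(blobBase64) || MiscUtil.isEmpty(ivBase64)) {
      Logger.error("No keyInformation found for bPK decryption");
      return null;
    }
    try {
      EncryptedData encdata = new EncryptedData(
          Base64Utils.decode(blobBase64, false),
          Base64Utils.decode(ivBase64, false));
      byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
      if (serializedData == null) {
        Logger.error("Can not decrypt key information for bPK decryption");
        return null;
      }
      // NOTE(review): Java native deserialization without an ObjectInputFilter. The blob is read
      // from the MOA-ID configuration store and decrypted with the configuration encryption key,
      // so the configuration store and that key are the trust boundary for this path — it must
      // never be fed from request data.
      BPKDecryptionParameters data =
          (BPKDecryptionParameters) SerializationUtils.deserialize(serializedData);
      if (data == null) {
        Logger.error("No keyInformation found for bPK decryption");
        return null;
      }
      return data.getPrivateKey();
    } catch (BuildException e) {
      Logger.error("Can not decrypt key information for bPK decryption", e);
    } catch (IOException e) {
      Logger.error("Can not decode key information for bPK decryption.", e);
    }
    return null;
  }

  /** @return the unique identifier (public URL prefix) of this OA */
  @Override
  public String getPublicURLPrefix() {
    return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
  }

  /**
   * @return whether this OA is a business service; {@code true} if unset
   */
  private boolean getBusinessService() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, true);
  }

  /** @return {@code true} if this OA is configured as interfederation IDP */
  @Override
  public boolean isInderfederationIDP() {
    String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
    return MOAIDConfigurationConstants.PREFIX_IIDP.equals(value);
  }

  /** @return {@code true} if this OA is configured as STORK/PVP gateway */
  @Override
  public boolean isSTORKPVPGateway() {
    String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
    return MOAIDConfigurationConstants.PREFIX_GATEWAY.equals(value);
  }

  /** @return the OA's display name, or {@code null} if unset */
  @Override
  public String getFriendlyName() {
    return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
  }

  /**
   * @return true/false if bPK or wbPK should not be visible in AuthBlock; {@code false} if unset
   */
  public boolean isRemovePBKFromAuthBlock() {
    return getBooleanValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK, false);
  }

  /**
   * @return the event codes for which reversion logging is enabled, or {@code null} if reversion
   *     logging is disabled, no codes are configured, or none of them parses as an integer
   */
  @Override
  public List<Integer> getReversionsLoggingEventCodes() {
    if (!getBooleanValue(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED, false)) {
      return null;
    }
    String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
    if (MiscUtil.isEmpty(eventCodes)) {
      return null;
    }
    List<Integer> result = new ArrayList<Integer>();
    for (String el : eventCodes.split(",")) {
      try {
        result.add(Integer.valueOf(el.trim()));
      } catch (NumberFormatException e) {
        // A single bad entry is skipped; the remaining codes stay active.
        Logger.warn("EventCode can not parsed to Integer.", e);
      }
    }
    if (result.isEmpty()) {
      return null;
    }
    return result;
  }

  /** @return {@code true} if the IDL test trust store is used; {@code false} if unset */
  @Override
  public boolean isUseIDLTestTrustStore() {
    return getBooleanValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE, false);
  }

  /** @return {@code true} if the AuthBlock test trust store is used; {@code false} if unset */
  @Override
  public boolean isUseAuthBlockTestTestStore() {
    return getBooleanValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE, false);
  }

  /**
   * Dumps the complete OA configuration (wrapped in a one-element list, as before). Note that this
   * includes every configured value, so callers should only log it at debug/trace level.
   */
  @Override
  public String toString() {
    if (oaConfiguration != null) {
      return Arrays.asList(oaConfiguration).toString();
    }
    return "Object not initialized";
  }

  // ---- private helpers -------------------------------------------------------------------

  /**
   * Reads a boolean flag; returns {@code defaultValue} when the key is unset or empty, otherwise
   * {@code Boolean.parseBoolean} of the value (anything but "true" is {@code false}).
   */
  private boolean getBooleanValue(String key, boolean defaultValue) {
    String value = oaConfiguration.get(key);
    if (MiscUtil.isNotEmpty(value)) {
      return Boolean.parseBoolean(value);
    }
    return defaultValue;
  }

  /** Reads {@code listPrefix.index.suffix} from the OA configuration. */
  private String getListEntryValue(String listPrefix, String index, String suffix) {
    return oaConfiguration.get(listPrefix + "." + index + "." + suffix);
  }

  /** Appends the value of {@code key} to {@code target} if the key is present (even if null). */
  private void addIfKeyPresent(List<String> target, String key) {
    if (oaConfiguration.containsKey(key)) {
      target.add(oaConfiguration.get(key));
    }
  }

  /**
   * Base64-decodes the template stored under {@code key}.
   *
   * @return the decoded bytes, or {@code null} if unset or not decodable (logged with
   *     {@code warnMessage})
   */
  private byte[] decodeTemplate(String key, String warnMessage) {
    try {
      String templateBase64 = oaConfiguration.get(key);
      if (MiscUtil.isNotEmpty(templateBase64)) {
        return Base64Utils.decode(templateBase64, false);
      }
    } catch (Exception e) {
      Logger.warn(warnMessage, e);
    }
    return null;
  }

  /** Splits a comma-separated value and trims every element. */
  private static List<String> splitTrimmedCsv(String csv) {
    List<String> result = new ArrayList<String>();
    for (String el : csv.split(",")) {
      result.add(el.trim());
    }
    return result;
  }

  /** Replaces a {@code null} list by an empty one so the restriction checks fail closed. */
  private static List<String> nonNullList(List<String> list) {
    if (list == null) {
      return new ArrayList<String>();
    }
    return list;
  }

  /**
   * @return {@code true} if {@code identifier} starts with any of {@code prefixes}; {@code false}
   *     for a {@code null} identifier or an empty prefix list
   */
  private static boolean matchesAnyPrefix(String identifier, List<String> prefixes) {
    if (identifier == null || prefixes == null) {
      return false;
    }
    for (String prefix : prefixes) {
      if (identifier.startsWith(prefix)) {
        return true;
      }
    }
    return false;
  }
}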